Man admits stealing military hacking software and Russia link
Summary
- Australian
Peter Williams pleaded guilty to stealing hacking tools. - He
worked at U.S. defense contractor L3Harris Trenchant division. - Sold
eight zero-day exploits to a Russian cyber-tools broker.
The Justice Department claimed that 39-year-old Peter
Williams sold the tools to a Russian software exploit broker that boasted of
its connections to Moscow and other foreign governments, even though they were
“meant to be sold exclusively to the U.S. government and select
allies.”
The corporation lost $35 million as a result of the crime,
according to prosecutors; the amount is not mentioned in court filings.
However, according to British corporate records, Williams was the general
manager of Trenchant, an intelligence company that was owned by L3Harris
Technologies, a US defense contractor.
Trenchant is a “trusted, discreet partner furnishing
security products, consultancy, training, and integration services to allied
governments, defense, security, and law enforcement agencies,” according to the
L3Harris website.
Both a representative for L3Harris and an attorney for
Williams declined to comment.
The case highlights the private market for software flaws
that get around security measures put in place by computer companies and can
sell for millions of dollars to both government and private purchasers.
Online brokers that offer hacking tools have been dubbed
“the next wave of international arms dealers” by US Attorney Jeanine
Pirro.
In the instance of Williams, Pirro stated in a statement
that the tools’ theft and sale “allowed non-allied foreign cyber actors to
obtain sophisticated cyber exploits that were likely used against numerous
unsuspecting victims.” No alleged victims were identified by the Justice
Department.
Could this case affect U.S. export controls on cyber tools?
This case could impact U.S. import controls on cyber tools
by pressing vulnerabilities in the current nonsupervisory and enforcement
frame. The theft and trade of important hacking tools to a foreign adversary
like Russia emphasize the pitfalls posed by interposers and trade secret theft
involving sensitive cybersecurity particulars.
The U.S. Commerce Department’s Bureau of Industry and
Security( BIS) formerly governs import controls on similar cyber
tools under rules aligned with the multinational Wassenaar Arrangement, which
restricts the import of intrusion software and affiliated technologies to
countries of public security concern. These rules also put end- use
restrictions to help unauthorized cyber conditioning.
Cases like the Australian man’s shamefaced plea emphasize
the necessity of robust import controls and stricter enforcement mechanisms to
cover and help lawless transfers, bigwig pitfalls, and diversion of cyber
tools to hostile actors.